Browsing the secured API with the required authentication

We want the browsable API to display the log in and log out views. To make this possible, we have to add a line to the restful01/restful01/urls.py file. The file defines the root URL configuration, and we want to include the URL patterns provided by the Django REST framework that supply the log in and log out views.

The following lines show the new code for the restful01/restful01/urls.py file. The new line is highlighted. The code file for the sample is included in the hillar_django_restful_08_01 folder, in the restful01/restful01/urls.py file:

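# django.conf.urls.url() was removed in Django 4.0; newer projects use django.urls.re_path
from django.conf.urls import url, include

urlpatterns = [
    # Routes for the drones app
    url(r'^', include('drones.urls')),
    # New line: log in and log out views for the browsable API
    url(r'^api-auth/', include('rest_framework.urls'))
]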

Open a web browser and go to http://localhost:8000/. Replace localhost with the IP address of the computer that is running Django's development server if you use another computer or device to run the browser. The browsable API will compose and send a GET request to / and will display the results of its execution, that is, the Api Root. You will notice there is a Log in hyperlink at the upper-right corner.

Click or tap Log in and the browser will display the Django REST framework login page. Enter the name you used to create djangosuper in the Username textbox and the password you used instead of passwordforsuper for this user in the Password textbox. Then, click Log in.

Now, you will be logged in as djangosuper and all the requests you compose and send through the browsable API will use this user. You will be redirected again to the Api Root and you will notice the Log in hyperlink is replaced with the username (djangosuper) and a drop-down menu that allows you to log out. The following screenshot shows the Api Root after we are logged in as djangosuper:

Click or tap on the username that is logged in (djangosuper) and select Log Out from the drop-down menu. We will log in as a different user.

Click or tap Log in and the browser will display the Django REST framework login page. Enter the name you used to create user01 in the Username textbox and the password you used instead of user01password for this user in the Password textbox. Then, click Log in.

Now, you will be logged in as user01 and all the requests you compose and send through the browsable API will use this user. You will be redirected again to the Api Root and you will notice the Log in hyperlink is replaced with the username (user01).

Go to http://localhost:8000/drones/12. Replace 12 with the ID generated for the previously created drone in your configuration. The browsable API will render the web page with the results for the GET request to localhost:8000/drones/12.

Click or tap the OPTIONS button and the browsable API will render the results of the HTTP OPTIONS request to http://localhost:8000/drones/12 and will include the DELETE button at the right-hand side of the Drone Detail title.

Click or tap DELETE. The web browser will display a confirmation modal. Click or tap the DELETE button in the modal. As a result of the HTTP DELETE request, the web browser will display an HTTP 403 Forbidden status code in the response header and a detail message indicating that we do not have permission to perform the action in the JSON body. The owner for the drone we want to delete is djangosuper and the authentication credentials for this request use a different user, specifically, user01. Hence, the operation is rejected by the has_object_permission method in the IsCurrentUserOwnerOrReadOnly class. The following screenshot shows a sample response for the HTTP DELETE request:

The browsable API makes it easy to compose and send authenticated requests to our RESTful Web Service.
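The rejection described above, modelled as an added example that is not code from the book's project. It assumes IsCurrentUserOwnerOrReadOnly lets any user issue safe methods and lets only the owner issue the rest; Request, Drone, status_for and decision_table are stand-ins invented here so the logic runs without Django.

```python
from dataclasses import dataclass

# Same values Django REST framework exposes as permissions.SAFE_METHODS
SAFE_METHODS = ("GET", "HEAD", "OPTIONS")


@dataclass(frozen=True)
class Request:  # hypothetical stand-in for rest_framework.request.Request
    method: str
    user: str


@dataclass(frozen=True)
class Drone:  # hypothetical stand-in for the Drone model; only the owner matters here
    pk: int
    owner: str


class IsCurrentUserOwnerOrReadOnly:
    """Assumed behaviour: anyone may read, only the owner may modify or delete."""

    def has_object_permission(self, request, view, obj):
        if request.method in SAFE_METHODS:
            return True
        return obj.owner == request.user


def status_for(request, drone, permission=IsCurrentUserOwnerOrReadOnly()):
    """Return the HTTP status a detail view would answer with for this request."""
    if not permission.has_object_permission(request, None, drone):
        return 403  # authenticated but not allowed: 403 Forbidden
    return 204 if request.method == "DELETE" else 200


def decision_table(drone, users, methods=("GET", "OPTIONS", "PUT", "PATCH", "DELETE")):
    """Map every (user, method) pair to its status so the policy can be reviewed."""
    return {(u, m): status_for(Request(m, u), drone) for u in users for m in methods}


# Constructed sample matching the walkthrough: drone 12 is owned by djangosuper
drone = Drone(pk=12, owner="djangosuper")
table = decision_table(drone, ["djangosuper", "user01"])
for (user, method), status in sorted(table.items()):
    print(f"{user:12} {method:8} -> {status}")
```

The printed table shows user01 receiving 200 for GET and OPTIONS but 403 for PUT, PATCH and DELETE, while djangosuper is allowed every method.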